Security News > 2023 > June > Microsoft stole our stolen dark web data, says security outfit
Microsoft stands accused by cyber intelligence firm Hold Security of violating an agreement between the pair by misusing Hold's database of more than 360 million sets of credentials culled from the dark web.
In a lawsuit filed in King County Superior Court in Washington, Hold said it had an agreement with Microsoft going back to 2014 to grant the Windows giant access to its database of compromised accounts with the expectation that Microsoft would limit use to matching Hold's records against Microsoft customer accounts.
The suit also accuses Microsoft of "Improperly and without authorization" using stolen accounts in Hold's database in its administration of LinkedIn and GitHub, both of which were acquired after the initial statement of work that defined which domains Microsoft could collect data for.
Hold claims in the suit to have discovered in 2021 that Microsoft had been "Wrongfully retain[ing] stolen account credentials in contravention of the parties' agreement," and that Hold CEO Alex Holden contacted Microsoft to discuss the issue.
Along with claiming that Microsoft was collecting and using data in violation of its agreements with Hold, the lawsuit also alleges Microsoft waged a harassment campaign against Hold and Holden when the companies began to have issues.
Hold's lawyers claim Microsoft directed its employees to cease working with Hold after Holden made claims critical of Microsoft's takedown of the TrickBot network, and that Microsoft employees tweeted false information that made cybersecurity journalist Brian Krebs resign from Hold's board, a report Krebs disputed.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/12/microsoft_hold_security_lawsuit/
Related news
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- Dark web crypto laundering kingpin sentenced to 12.5 years in prison (source)
- AI’s impact on the future of web application security (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Here's what happens if you don't layer network security – or remove unused web shells (source)